-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 31 Mar 2018 11:31:57 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source amd64 all Version: 2.4.10-10+deb8u12 Distribution: jessie-security Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin apache2.2-common - Transitional package for apache2 libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Changes: apache2 (2.4.10-10+deb8u12) jessie-security; urgency=medium . * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation Checksums-Sha1: 3604416d0716bed3457a26ad89dd42245c494167 3281 apache2_2.4.10-10+deb8u12.dsc 1d43186273f7fe4dda27654b73af626db4ebd241 566364 apache2_2.4.10-10+deb8u12.debian.tar.xz 3a30aacbaabaee94ba8c6b11298f0d3183a26703 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u12_amd64.deb 179bc20620b2a32be737370a8fa9363dc08039f1 1144 libapache2-mod-macro_2.4.10-10+deb8u12_amd64.deb 1c3ece302d94bc854abd1859edcdd713dbd91ebd 208468 apache2_2.4.10-10+deb8u12_amd64.deb 840c9b75cb0eb265d0c520f7068e700c8406541a 162778 apache2-data_2.4.10-10+deb8u12_all.deb 91143eb65e0d686b40d243a264daf239ff82cc89 1042246 apache2-bin_2.4.10-10+deb8u12_amd64.deb cbfac3bb9668f4f98fd6e6849bc2484dd5aac66d 1522 apache2-mpm-worker_2.4.10-10+deb8u12_amd64.deb 773e3816036302c171caa066f117e5ae947e8f0e 1522 apache2-mpm-prefork_2.4.10-10+deb8u12_amd64.deb e4b4dfb7aed316b3ddd285c82fa5adf0e855871c 1522 apache2-mpm-event_2.4.10-10+deb8u12_amd64.deb f675722c42428551329c927a0d1037eee80c2f28 1518 apache2-mpm-itk_2.4.10-10+deb8u12_amd64.deb b71faafee5f71ed6ae7fce367098f98c6d510062 1702 apache2.2-bin_2.4.10-10+deb8u12_amd64.deb 14796e941a2dbb2e3b0ca6f541aa4ecd950e8ba7 125786 apache2.2-common_2.4.10-10+deb8u12_amd64.deb b95e2488d229f92c10a8b7a45fecf0fc71bfdc13 195980 apache2-utils_2.4.10-10+deb8u12_amd64.deb 82b92399f84e1ab3109939769ea9befa2f831990 1652 apache2-suexec_2.4.10-10+deb8u12_amd64.deb 9721a8f6a4e2204359d982e1eb22d5c5f32ab2e3 130948 apache2-suexec-pristine_2.4.10-10+deb8u12_amd64.deb f74981893872cd1e29044266a1555ad45ec41eae 132490 apache2-suexec-custom_2.4.10-10+deb8u12_amd64.deb 59018466ac35ba57fb48a11610fcd19e05943678 2735640 apache2-doc_2.4.10-10+deb8u12_all.deb d4fced7495987f1472519b654cf287f1f57a52d9 283210 apache2-dev_2.4.10-10+deb8u12_amd64.deb 223a6fa2dfcfeea100df6029e87366318b5cd209 1713472 apache2-dbg_2.4.10-10+deb8u12_amd64.deb Checksums-Sha256: 0b9a1f7b5e6172b5466ae787bc338bb6668d74d39440b1af90d86894dac7a44b 3281 apache2_2.4.10-10+deb8u12.dsc bf3800808974abdf5feabb799bf138370711c05c5344d4f9c3638b63fd9229a7 566364 apache2_2.4.10-10+deb8u12.debian.tar.xz 3c7467fc2ad26e7cf29949f608576878c6f0e2b5f1a1b917e4466930785fc265 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u12_amd64.deb 4633fe66eacb2ee3faa95ed720fd6e8fcf91350a881f4f3d8d97697343032e69 1144 libapache2-mod-macro_2.4.10-10+deb8u12_amd64.deb a7890679b519b12578b8fe3485a2a235c8f2d5ee9f6b045e5e218aff9fef1da5 208468 apache2_2.4.10-10+deb8u12_amd64.deb 729373257c6af885437c41022cae424a5ec2f9868e4bb4b76f19b84119632734 162778 apache2-data_2.4.10-10+deb8u12_all.deb ec45405bdd200ca13a2cebc9eccdeeddf99f87eba886a85af5c31ba9cefd7023 1042246 apache2-bin_2.4.10-10+deb8u12_amd64.deb 183faa81ddd7642ee84d7417a3813263524cf427ec9c71318abbbafe3a1529e3 1522 apache2-mpm-worker_2.4.10-10+deb8u12_amd64.deb 417984c834f8d162a8f452b3ee7c3a7dfecf4e15d942796dfa678a4243080c7e 1522 apache2-mpm-prefork_2.4.10-10+deb8u12_amd64.deb df125f66157c358bdfac5477f45fcc0ce0b61ebc2c8676f310c468a4a985b271 1522 apache2-mpm-event_2.4.10-10+deb8u12_amd64.deb e3e1e072ec2b92187523e65da2532cdc91b0590957c572030d97f55b7de438d9 1518 apache2-mpm-itk_2.4.10-10+deb8u12_amd64.deb b84b872a44448e0a245c4c0ee05e2ef7740328b350ea194828e20897dcf24033 1702 apache2.2-bin_2.4.10-10+deb8u12_amd64.deb 946748233bd9b48b3bf58e536a505050382cd831ddd8e24a84855f876c885a3b 125786 apache2.2-common_2.4.10-10+deb8u12_amd64.deb aca2d70534594515e9cc0c2501e3bf049fbfb24ebff3aeb58579aaadc0226a8a 195980 apache2-utils_2.4.10-10+deb8u12_amd64.deb 03ded4756df17793765b4a63e71d05ad07e4e3089f2f42af8025ea54f77f5d6b 1652 apache2-suexec_2.4.10-10+deb8u12_amd64.deb 00e63bf384ec083ccf7044a86a2c35d8ffb64bcf86aefad73591ccb9748f1dad 130948 apache2-suexec-pristine_2.4.10-10+deb8u12_amd64.deb 849739f58799bce5a0b012aed434477ed8782eb2d61b01dd7fd13794b9722079 132490 apache2-suexec-custom_2.4.10-10+deb8u12_amd64.deb a8139eeefe79330cd090f653a6d86bbdeaa27c623f921873d56c06127fe08b75 2735640 apache2-doc_2.4.10-10+deb8u12_all.deb 55de65cbfac123a59a3a1759e56bcbf4b2bce51f38c8e03888845a2eea1e107f 283210 apache2-dev_2.4.10-10+deb8u12_amd64.deb ebee10a166b3436c101080b9e5d755d0e377e91084a09f716847c613dc6987f5 1713472 apache2-dbg_2.4.10-10+deb8u12_amd64.deb Files: 7ee5cc0c84b8ea3e0303271e78c3a71a 3281 httpd optional apache2_2.4.10-10+deb8u12.dsc 98d8c905342fdb5ad40f61d49d4c28d8 566364 httpd optional apache2_2.4.10-10+deb8u12.debian.tar.xz 8bbe43be31759baec08506b8fc9e6685 1158 oldlibs extra libapache2-mod-proxy-html_2.4.10-10+deb8u12_amd64.deb 279f1d5fb8ebd2ee8d74f188e11958a5 1144 oldlibs extra libapache2-mod-macro_2.4.10-10+deb8u12_amd64.deb 0c54378f55125582eae37c07bdaab8d5 208468 httpd optional apache2_2.4.10-10+deb8u12_amd64.deb f612bbc48249799d0c4ba3bc162e258a 162778 httpd optional apache2-data_2.4.10-10+deb8u12_all.deb 71eb52585a761374a45ca338992c0834 1042246 httpd optional apache2-bin_2.4.10-10+deb8u12_amd64.deb a1f8071d5dda9bf86f9caa974cb14e49 1522 oldlibs extra apache2-mpm-worker_2.4.10-10+deb8u12_amd64.deb 4448e2288674127b62a23fc50ee3ac14 1522 oldlibs extra apache2-mpm-prefork_2.4.10-10+deb8u12_amd64.deb 75269bed5c81297461eeb3316a7a4509 1522 oldlibs extra apache2-mpm-event_2.4.10-10+deb8u12_amd64.deb 0afcb81961332cba955b78cb6bc80979 1518 oldlibs extra apache2-mpm-itk_2.4.10-10+deb8u12_amd64.deb 7c49b8a6b2a39137b0e3f1765759f27a 1702 oldlibs extra apache2.2-bin_2.4.10-10+deb8u12_amd64.deb 6969c577d7c64edbae2a204bf4753030 125786 oldlibs extra apache2.2-common_2.4.10-10+deb8u12_amd64.deb 0474be4cc03675c9e6a0d8da49e17264 195980 httpd optional apache2-utils_2.4.10-10+deb8u12_amd64.deb 6e630dfff14cfb8266fd0e3b884f21c0 1652 oldlibs extra apache2-suexec_2.4.10-10+deb8u12_amd64.deb 588c6a62c060986615189ca03df565ff 130948 httpd optional apache2-suexec-pristine_2.4.10-10+deb8u12_amd64.deb 7590bfffe882308887720c72ea21684e 132490 httpd extra apache2-suexec-custom_2.4.10-10+deb8u12_amd64.deb a7d69bd67defb7a34255f2cb1e543c59 2735640 doc optional apache2-doc_2.4.10-10+deb8u12_all.deb e4df7d54d829e32c1c1e9347fc1f4448 283210 httpd optional apache2-dev_2.4.10-10+deb8u12_amd64.deb 0ecd6d7c4e0bac36b6411ed38c078e3d 1713472 debug extra apache2-dbg_2.4.10-10+deb8u12_amd64.deb -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlq/WLwACgkQxodfNUHO /eA0JA/3SOPsa2CyGsVqY0FJzY5ZS9W/Vf4cKiZ9kj1+hUCgmk2nDWTSp0g0N4hd HT5XIXy9a58bCb4t/HEeL+UOr5vmkfSA6csVtzVeDuL4wGDFxUIlmdtHIm5RC8l9 +EhLehBuxzCuIjZtALUYryUaEdSHsw2zhhstihkXiUB4da9OZP2sxyXNb1DYKLTN D/z3T9IP2E53fVWXSikgGvQzGAhmP9tikPeYpUqo4WK32pOz98iNbSmf+CSv0E70 E0xWXKnZjmjDd4xmUBlbi4+GOE3fa9LOFhsLMD7LYrdGvS/2ccj651C/wthZ7Zez bhLDpR9LuvPhJeajqQ7YNfc81huniD9t8NdULN5vlVs6/vj7wsxcZPZjo92tPVaa Y86If2C1mXiGANGLe4/aaWT1ZbmDZV1M7vtfoPnaSb4q9JKFsA8delWzHBzQUpea VeSzAWabN/MHy6juLIdNSMW9bT5u6jNb9iv1Gz9b88mD3ij7C9RoYNsXLl87hKK1 GTCS58DPON1Cs8AZGZMv7YqcE7n7OkaEmvcXNban0MS30EnhX2M8OI7yqlIaYPfg EaHH3QQT87+9vRgTuPY/Ail1g6urYfrNKSbVfEUZ4BxSidFo+NrwNpEcXowUhZCj WMWXbr0pwFncVRz+8JZEYNQPrWbAgaUZJG52Y1OW8FJ1QzqbpA== =VV60 -----END PGP SIGNATURE-----